Jon,
On 6/13/22 13:43, [email protected] wrote:
That's great if you use the manager app, but we don't use it or even make it
available.
Well... this /is/ a conversation about the JMXProxyServlet which is a
part of the Manager app. So either you have something to say (about
JMXProxyServlet) or you don't care about the whole discussion, right?
:)
-chris
-----Original Message-----
From: Konstantin Kolinko <[email protected]>
Sent: Monday, June 13, 2022 11:54 AM
To: Tomcat Developers List <[email protected]>
Subject: Re: Any interest in a read-only JMX role?
пн, 13 июн. 2022 г. в 19:32, Christopher Schultz
<[email protected]>:
All,
I've been thinking about the possibility of making a read-only JMX
role available for the existing manager-jmx capability.
[...]
Does anyone think this is a good idea?
I think it is a bad idea, because passwords (and maybe other secrets) are
visible through JMX, by design.
It might be worth to have some "status" role, but it has to be defined more
specifically than just a "view all" role.
Maybe the way to achieve the same result is to amend the server status
page, which is already provided by the manager app and has a dedicated
role.
Best regards,
Konstantin Kolinko.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected] For additional
commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
